imagemagick - security update

2016-12-2200:00:00

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Numerous vulnerabilities were discovered in ImageMagick, an image
manipulation program. Issues include memory exception, heap, buffer
and stack overflows, out of bound reads and missing checks.

For Debian 7 Wheezy, these problems have been fixed in version
8:6.7.7.10-5+deb7u10.

The exact impact of the vulnerabilities is unknown, as they were
mostly discovered through fuzzing. We still recommend that you upgrade
your imagemagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>

CPENameOperatorVersion
imagemagickeq8:6.7.7.10-5+deb7u8
imagemagickeq8:6.7.7.10-5+deb7u5
imagemagickeq8:6.7.7.10-5+deb7u3
imagemagickeq8:6.7.7.10-5+deb7u7
imagemagickeq8:6.7.7.10-5+deb7u2
imagemagickeq8:6.7.7.10-5+deb7u9
imagemagickeq8:6.7.7.10-5+deb7u4
imagemagickeq8:6.7.7.10-5
imagemagickeq8:6.7.7.10-5+deb7u6

Name	Operator	Version
imagemagick	eq	8:6.7.7.10-5+deb7u8
imagemagick	eq	8:6.7.7.10-5+deb7u5
imagemagick	eq	8:6.7.7.10-5+deb7u3
imagemagick	eq	8:6.7.7.10-5+deb7u7
imagemagick	eq	8:6.7.7.10-5+deb7u2
imagemagick	eq	8:6.7.7.10-5+deb7u9
imagemagick	eq	8:6.7.7.10-5+deb7u4
imagemagick	eq	8:6.7.7.10-5
imagemagick	eq	8:6.7.7.10-5+deb7u6